You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by ng...@apache.org on 2022/02/03 11:17:57 UTC
[hive] branch master updated: HIVE-25875: Hive support for parallel authentication types LDAP/SAML in http mode (Saihemanth Gantasala reviewed by Naveen Gangam)
This is an automated email from the ASF dual-hosted git repository.
ngangam pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new b975e47 HIVE-25875: Hive support for parallel authentication types LDAP/SAML in http mode (Saihemanth Gantasala reviewed by Naveen Gangam)
b975e47 is described below
commit b975e47209fb188d047fa23aeaac058ae28fd393
Author: saihemanth <sa...@cloudera.com>
AuthorDate: Wed Jan 19 23:46:21 2022 +0530
HIVE-25875: Hive support for parallel authentication types LDAP/SAML in http mode (Saihemanth Gantasala reviewed by Naveen Gangam)
---
.../hive/service/auth/AuthenticationProviderFactory.java | 2 +-
.../java/org/apache/hive/service/auth/saml/HiveSamlUtils.java | 2 +-
.../org/apache/hive/service/cli/thrift/ThriftHttpServlet.java | 10 +++++++---
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java b/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java
index c820b1a..063091c 100644
--- a/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java
+++ b/service/src/java/org/apache/hive/service/auth/AuthenticationProviderFactory.java
@@ -52,7 +52,7 @@ public final class AuthenticationProviderFactory {
public static AuthMethods getValidAuthMethod(String authMethodStr)
throws AuthenticationException {
for (AuthMethods auth : AuthMethods.values()) {
- if (authMethodStr.equals(auth.getAuthMethod())) {
+ if (authMethodStr.toLowerCase().contains(auth.getAuthMethod().toLowerCase())) {
return auth;
}
}
diff --git a/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java b/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java
index 748d70d..ae01251 100644
--- a/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java
+++ b/service/src/java/org/apache/hive/service/auth/saml/HiveSamlUtils.java
@@ -36,7 +36,7 @@ public class HiveSamlUtils {
public static final String MESSAGE_KEY = "message";
public static boolean isSamlAuthMode(String authType) {
- return authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.SAML.toString());
+ return authType.toLowerCase().contains(HiveAuthConstants.AuthTypes.SAML.toString().toLowerCase());
}
/**
diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
index 20274ff..61832f0 100644
--- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
+++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
@@ -214,9 +214,13 @@ public class ThriftHttpServlet extends TServlet {
}
} else if (HiveSamlUtils.isSamlAuthMode(authType)) {
// check if this request needs a SAML redirect
- if (needsRedirect(request, response)) {
+ String authHeader = request.getHeader(HttpAuthUtils.AUTHORIZATION);
+ if ((authHeader == null || authHeader.isEmpty()) && needsRedirect(request, response)) {
doSamlRedirect(request, response);
return;
+ } else if(authHeader.toLowerCase().startsWith(HttpAuthUtils.BASIC.toLowerCase())) {
+ //LDAP Authentication if the header starts with Basic
+ clientUserName = doPasswdAuth(request, HiveAuthConstants.AuthTypes.NONE.toString());
} else {
// redirect is not needed. Do SAML auth.
clientUserName = doSamlAuth(request, response);
@@ -247,7 +251,7 @@ public class ThriftHttpServlet extends TServlet {
// Generate new cookie and add it to the response
if (requireNewCookie &&
- !authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.NOSASL.toString())) {
+ !authType.toLowerCase().contains(HiveAuthConstants.AuthTypes.NOSASL.toString().toLowerCase())) {
String cookieToken = HttpAuthUtils.createCookieToken(clientUserName);
Cookie hs2Cookie = createCookie(signer.signCookie(cookieToken));
@@ -508,7 +512,7 @@ public class ThriftHttpServlet extends TServlet {
throws HttpAuthenticationException {
String userName = getUsername(request, authType);
// No-op when authType is NOSASL
- if (!authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.NOSASL.toString())) {
+ if (!authType.toLowerCase().contains(HiveAuthConstants.AuthTypes.NOSASL.toString().toLowerCase())) {
try {
AuthMethods authMethod = AuthMethods.getValidAuthMethod(authType);
PasswdAuthenticationProvider provider =